def switch_project_with_token(request):
token = request.session.get("passToken")
if request.method == 'POST':
data = json.loads(request.POST.get("data"))
project_name = data.get("project_name")
domain_name = request.session.get("domain_name")
auth_url = request.session.get("auth_url")
try:
keystone = KeystoneRestAPI(auth_url, token)
except Unauthorized as e:
request.session["error"] = {
"title": e.message,
"message": e.details
}
return JsonResponse({
"error": {
"title": e.message,
"message": e.details,
"code": 401
}
})
# result = keystone.get_token_with_scoped_by_token(project_id=project_id)
result = keystone.get_token_with_scoped_by_token(
domain_name=domain_name, project_name=project_name)
if result.get("success"):
# request.session.set_expiry(SESSION_COOKIE_AGE)
token = result['success']['token']
request.session["passToken"] = token
request.session["project_name"] = project_name
roles = result["success"].get("roles")
if roles:
roles_str = ','.join(role.get("name") for role in roles)
else:
roles_str = ""
user = result["success"].get("user")
project = result["success"].get("project")
request.session["user_id"] = user.get("id")
request.session["user_name"] = user.get("name")
request.session["project_id"] = project.get("id")
request.session["roles"] = roles_str
ctrl_engine = ControlEngine(token=token,
project_id=project.get("id"),
project_name=project_name,
user_id=user.get("id"),
user_name=user.get("name"),
roles=roles_str,
auth_url=auth_url)
request.session["ctrl_header"] = ctrl_engine.get_header()
return JsonResponse(result)
def login_soa(request):
data = None
try:
data = json.loads(request.POST.get("data"))
except ValueError as e:
result = {
"error": {
"title": e.message,
"message": "json malformed error"
}
}
else:
auth_url = data.get("auth_url")
user_name = data.get("user_name")
password = data.get("pass")
project_name = data.get("project_name")
soac_conn = SOAControlDBConnector.getInstance()
if auth_url == request.session.get("auth_url"):
domain_name = request.session.get("domain_name")
else:
domain = soac_conn.select_one(SELECT_SOAC_DOMAINS, auth_url)
domain_name = domain.get("domain_name")
token = None
roles = None
roles_str = None
project_id = None
user_id = None
keystone = None
# =================================Scope Login==================================
result = KeystoneRestAPI.get_token(auth_url, user_name, password,
domain_name, project_name)
# if type(result) == str:
# result = ast.literal_eval(result) # str 타입을 dictionary 타입으로 바꿈
if result.get('success'):
user = result["success"].get("user")
domain_id = user["domain"].get("id")
if not roles:
roles = result["success"].get("roles")
request.session["domain_id"] = domain_id
token = result['success']['token']
user_id = user.get("id")
if keystone is None:
keystone = KeystoneRestAPI(auth_url, token)
keystone.update_token(token)
roles_str = ','.join(role.get("name") for role in roles)
ctrl_engine = ControlEngine(token=token,
project_id=project_id,
project_name=project_name,
user_id=user_id,
user_name=user_name,
roles=roles_str,
auth_url=auth_url)
request.session["ctrl_header"] = ctrl_engine.get_header()
# ================================================
request.session["passToken"] = token
request.session["user_name"] = user_name
request.session["domain_name"] = domain_name
request.session["project_name"] = project_name
request.session["auth_url"] = auth_url
if roles_str:
request.session["roles"] = roles_str
else:
request.session["roles"] = None
if user_id:
request.session["user_id"] = user_id
if project_id:
request.session["project_id"] = project_id
return result, data
def common_login(request,
auth_url,
user_name,
password,
domain_name,
project_name=None):
available_projects = None
token = None
roles = None
roles_str = None
project = None
user = None
keystone = None
domain_id = None
# =================================UnScope Login==================================
if not project_name:
result = KeystoneRestAPI.get_token(auth_url, user_name, password,
domain_name)
if result.get("success"):
# request.session.set_expiry(SESSION_COOKIE_AGE)
token = result['success'].get('token')
roles = result["success"].get("roles")
user = result["success"].get("user")
if user:
user_name = user.get("name")
keystone = KeystoneRestAPI(auth_url, token)
available_projects = keystone.get_available_project_scopes()
# =================================Default 프로젝트==================================
if result["success"].get("project"):
project = result["success"].get("project")
# =================================접근 가능 프로젝트==================================
if not project and available_projects.get("success"):
if not available_projects["success"].get("projects"):
return {
"error": {
"title": "Forbidden",
"message": "모든 프로젝트에 접근 권한이 없습니다."
}
}
else:
project = available_projects["success"].get("projects")[0]
if project:
project_name = project.get("name")
# =================================Scope Login==================================
result = KeystoneRestAPI.get_token(auth_url, user_name, password,
domain_name, project_name)
# logger.info("""################## Scope Login ############
# auth_url: {}
# user_name: {}
# password: {}
# domain_name: {}
# project_name: {}
# result: {}""".format(auth_url, user_name, password, domain_name, project_name, result))
if result.get('success'):
request.session["domain_admin"] = False
# request.session.set_expiry(SESSION_COOKIE_AGE)
token = result['success'].get('token')
user = result["success"].get("user")
domain_id = user["domain"].get("id")
roles = result["success"].get("roles")
project = result["success"].get("project")
request.session["project_id"] = project.get("id")
request.session["project_name"] = project.get("name")
if not keystone:
keystone = KeystoneRestAPI(auth_url, token)
keystone.update_token(token)
if not available_projects:
available_projects = keystone.get_available_project_scopes()
request.session["available_projects"] = [{
"name":
available_project.get("name"),
"id":
available_project.get("id")
} for available_project in available_projects["success"].get(
"projects")]
if roles:
roles_str = ','.join(role.get("name") for role in roles)
elif user.get("name") == 'admin':
roles_str = user.get("name")
ctrl_engine = ControlEngine(token=token,
project_id=project.get("id"),
project_name=project.get("name"),
user_id=user.get("id"),
user_name=user_name,
roles=roles_str,
auth_url=auth_url)
request.session["ctrl_header"] = ctrl_engine.get_header()
# ================================================
request.session["passToken"] = token
request.session["user_name"] = user_name
request.session["domain_name"] = domain_name
request.session["auth_url"] = auth_url
request.session["domain_id"] = domain_id
request.session["roles"] = roles_str
if user:
request.session["user_id"] = user.get("id")
else:
request.session["user_id"] = None
if not project:
request.session["project_id"] = None
request.session["project_name"] = None
return result
